Forum Replies Created
-
Posts
-
It’s great to see that you’re testing the driver performance over a 10GB network.
Exploring multithreading is a good approach, as it can help distribute the load across multiple CPU cores and potentially improve performance. For example, in a project I encountered, packets were read by one thread, processed by two additional threads (one for incoming and another for outgoing), and injected into the stack by a fourth thread.
To provide more specific suggestions and help optimize your code, it would be helpful to see a code snippet demonstrating how you’re reading and re-injecting packets per operation. The more data you read from the driver in a single call, the better performance you can achieve. For instance, if you’re currently reading 256 packets per operation, you might try increasing this value to 1024 and see if it improves the results.
Thank you for reaching out regarding the issue you’re experiencing with Wiresock in your restricted network environment.
Please note that Wiresock does not support using localhost IP (127.0.0.1) as an endpoint. I recommend trying to specify the real local IP address instead of 127.0.0.1 for the WireGuard config endpoint.
However, I must mention that I am not certain if this change will work out-of-the-box, and some code adjustments may be necessary to ensure proper functionality of local redirect
If you encounter any issues, we recommend first trying to start the application/service with the ‘-log-level all’ command line parameter. If running the application, this will output the debug log to the console and save processed packets into PCAP files for analysis.
The method to bypass the Egyps wireguard vpn blocking won’t work any more,I just tested it.
The post was created over a year ago, so the situation may have changed since then and I am unable to verify if the information is still accurate.
BTW,is it any quick method or tools to detect if the ISP blocks UDP or not,since some ISP may block the UDP protocol so wireguard won’t work at all.It would be nice to do so before to install wireguard.
One possible solution to test whether UDP is blocked or not is to use performance measurement tools such as iperf3. These tools can help to determine if there are any issues with network performance that could be impacting the use of UDP. By conducting these tests prior to installing Wireguard, you can proactively identify any potential issues and take appropriate steps to address them.
It’s Windows Server 2016 X64
It is peculiar, but configuring the Network Category to Private can be beneficial, although it is not required.
To the best of my recollection, there was a similar issue on Windows 7, although it did not impact the overall functionality of Wiresock VPN Gateway. However, configuring the VPN network adapter as a private network (which failed according to your log) can often provide greater convenience and ease of use.
With this in mind, may I kindly inquire as to which operating system you are currently using?
In addition, I am also considering the possibility of opening the source code for wg-quick-config to facilitate the analysis of such issues in the future. By making the source code more accessible and transparent, it will be easier for users to understand and diagnose potential issues, as well as contribute to the development of the project.
To properly uninstall the service, follow these steps:
- Use the command “wiresock-service uninstall” to uninstall the service.
- Reboot your system.
- Check if the service still exists in the registry. If it does, remove it using regedit.
- Reboot your system again to ensure that all changes take effect.
After completing these steps, the service should be fully uninstalled, and you can proceed with a fresh installation.
1. Determining the root cause of the issue is challenging without access to the MSI log. If you collect one I can check.
2. It’s important to note that SHA-1 code signing reached its end-of-life on December 1, 2020, and it’s no longer possible to sign drivers for Windows Vista/2008/7/8 using this method. However, an update for Windows 7 added support for SHA-256 code signing certificates, which may also work for Windows 2008 R2. But yes, it is sometimes a real pain to sign drivers for EOL Windows versions.
Just a small update on the topic. There are two options available to you for managing the client more easily:
TunnlTo: A Rust project that starts wiresock-vpn-client.exe in the background and provides it with configuration options.
EpexGUI: A C# project that functions similarly to TunnlTo. However, I have created a fork that includes significant modifications, such as directly calling wgbooster.dll instead of wiresock-vpn-client.exe and adding a Wiresock Client installer for x86 platforms. This fork also includes support for transparent (NAT) mode, which can simplify the user experience. While it’s uncertain whether the original author will accept these changes, you can download the latest release of this fork here.
Both options offer several convenient features, such as importing and editing Wireguard configurations and switching between tunnels, which can greatly simplify the user experience when using the WireSock VPN Client.The term ‘wireguard.exe’ is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.Based on this error message, it seems that WireGuard for Windows may either not be installed or hasn’t been added to the Path environment variable. It’s important to remember to restart the CMD or PowerShell console after installing WireGuard for Windows and before running wg-quick-config. This will ensure that any changes made during the installation process take effect and allow you to run the command without any issues.
Hi,
I apologize, but I don’t have one. However, I don’t believe it would be a significant issue to port the C++ code to C#. I’m not an expert in C# but it can be something like this:
foreach (PFAST_IO_SECTION i in fast_io_section) { if (Interlocked.CompareExchange(ref i.fast_io_header.fast_io_write_union.union_.join, 0, 0) != 0) { Interlocked.Exchange(ref i.fast_io_header.read_in_progress_flag, 1); var write_union = Interlocked.CompareExchange(ref i.fast_io_header.fast_io_write_union.union_.join, 0, 0); uint current_packets_success = (uint)write_union.union_.split.number_of_packets; // // Copy packets and reset section // Buffer.BlockCopy(i.fast_io_packets, 0, packet_buffer_, (int)(fast_io_packets_success * Marshal.SizeOf<INTERMEDIATE_BUFFER>()), (int)(current_packets_success - 1) * Marshal.SizeOf<INTERMEDIATE_BUFFER>()); // For the last packet(s) wait the write completion if in progress write_union = Interlocked.CompareExchange(ref i.fast_io_header.fast_io_write_union.union_.join, 0, 0); while (write_union.union_.split.write_in_progress_flag != 0) { write_union = Interlocked.CompareExchange(ref i.fast_io_header.fast_io_write_union.union_.join, 0, 0); } // Copy the last packet(s) Buffer.BlockCopy(i.fast_io_packets, (int)(current_packets_success - 1) * Marshal.SizeOf<INTERMEDIATE_BUFFER>(), packet_buffer_, (int)(fast_io_packets_success + current_packets_success - 1) * Marshal.SizeOf<INTERMEDIATE_BUFFER>(), Marshal.SizeOf<INTERMEDIATE_BUFFER>()); if (current_packets_success < write_union.union_.split.number_of_packets) { current_packets_success = write_union.union_.split.number_of_packets; Buffer.BlockCopy(i.fast_io_packets, (int)(current_packets_success - 1) * Marshal.SizeOf<INTERMEDIATE_BUFFER>(), packet_buffer_, (int)(fast_io_packets_success + current_packets_success - 1) * Marshal.SizeOf<INTERMEDIATE_BUFFER>(), Marshal.SizeOf<INTERMEDIATE_BUFFER>()); } Interlocked.Exchange(ref i.fast_io_header.fast_io_write_union.union_.join, 0); Interlocked.Exchange(ref i.fast_io_header.read_in_progress_flag, 0); fast_io_packets_success += current_packets_success; } }The NDISAPI is a lightweight layer over the driver’s interface, and it does not have its own threads. However, if you use the NDISAPI through the simple_packet_filter class, then this class is responsible for creating the underlying thread that reads and writes packets.
You can configure access to a desired domain over VPN if it consistently resolves to the same IP addresses. For instance, ntkernel.com resolves to 95.179.146.125. In this case, you can add this IP address to the AllowedIPs to access it via VPN. However, if the domain name resolves to varying IP addresses, such as with dynamic DNS or a CDN hosted site, this method is not supported.
